create-quiver 0.15.4 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (179) hide show
  1. package/.github/pull_request_template.md +17 -0
  2. package/.github/workflows/ci.yml +76 -0
  3. package/.markdown-link-check.json +15 -0
  4. package/.markdownlint.json +11 -0
  5. package/.quiver/runs/run-2026-06-09t19-14-39z/approvals.json +5 -0
  6. package/.quiver/runs/run-2026-06-09t19-14-39z/decisions.md +2 -0
  7. package/.quiver/runs/run-2026-06-09t19-14-39z/requirement.md +0 -0
  8. package/.quiver/runs/run-2026-06-09t19-14-39z/snapshots/20260609T191439Z/docs/INDEX.md +97 -0
  9. package/.quiver/runs/run-2026-06-09t19-14-39z/snapshots/20260609T191439Z/manifest.json +61 -0
  10. package/.quiver/runs/run-2026-06-09t19-14-39z/state.json +28 -0
  11. package/ACTIVE_SLICES.md +43 -0
  12. package/ARCHITECTURE.md +133 -0
  13. package/CHANGELOG.md +12 -0
  14. package/CONTRIBUTING.md +174 -9
  15. package/README.md +10 -1
  16. package/ROADMAP.md +4 -0
  17. package/SECURITY.md +9 -2
  18. package/auditoria-ux-ui-performance-documentacion.md +705 -0
  19. package/copys-landing-page.md +244 -0
  20. package/docs/AI_CONTEXT.md.es.template +3 -1
  21. package/docs/AI_CONTEXT.md.template +3 -1
  22. package/docs/CLI_UX_GUIDE.md +9 -1
  23. package/docs/COMMANDS.md.template +20 -6
  24. package/docs/GITFLOW_PR_GUIDE.md +73 -11
  25. package/docs/GITFLOW_PR_GUIDE.md.es.template +61 -2
  26. package/docs/GITFLOW_PR_GUIDE.md.template +72 -10
  27. package/docs/INDEX.md +1 -0
  28. package/docs/QUICK.md.template +2 -1
  29. package/docs/STANDARD.md.template +2 -1
  30. package/docs/WORKFLOW.md.es.template +3 -1
  31. package/docs/WORKFLOW.md.template +6 -4
  32. package/docs/ai/ACTIVE_SLICE.md +61 -0
  33. package/docs/getting-started/installation.md +7 -0
  34. package/docs/reference/commands.md +104 -6
  35. package/docs/reference/slice-schema.md +37 -0
  36. package/docs/schema/slice.schema.json +221 -0
  37. package/docs/specs/01-spec/01-slice/01-slice.json +36 -0
  38. package/docs/specs/01-spec/01-slice/01-slice.md +106 -0
  39. package/docs/specs/01-spec/01-slice/CLOSURE_BRIEF.md +80 -0
  40. package/docs/specs/01-spec/01-slice/EXECUTION_BRIEF.md +39 -0
  41. package/docs/specs/01-spec/02-slice/02-slice.json +36 -0
  42. package/docs/specs/01-spec/02-slice/02-slice.md +108 -0
  43. package/docs/specs/01-spec/02-slice/CLOSURE_BRIEF.md +88 -0
  44. package/docs/specs/01-spec/02-slice/EXECUTION_BRIEF.md +40 -0
  45. package/docs/specs/01-spec/03-slice/03-slice.json +36 -0
  46. package/docs/specs/01-spec/03-slice/03-slice.md +103 -0
  47. package/docs/specs/01-spec/03-slice/CLOSURE_BRIEF.md +54 -0
  48. package/docs/specs/01-spec/03-slice/EXECUTION_BRIEF.md +39 -0
  49. package/docs/specs/01-spec/04-slice/04-slice.json +36 -0
  50. package/docs/specs/01-spec/04-slice/04-slice.md +107 -0
  51. package/docs/specs/01-spec/04-slice/CLOSURE_BRIEF.md +46 -0
  52. package/docs/specs/01-spec/04-slice/EXECUTION_BRIEF.md +39 -0
  53. package/docs/specs/01-spec/05-slice/05-slice.json +36 -0
  54. package/docs/specs/01-spec/05-slice/05-slice.md +106 -0
  55. package/docs/specs/01-spec/05-slice/CLOSURE_BRIEF.md +84 -0
  56. package/docs/specs/01-spec/05-slice/EXECUTION_BRIEF.md +109 -0
  57. package/docs/specs/01-spec/06-slice/06-slice.json +36 -0
  58. package/docs/specs/01-spec/06-slice/06-slice.md +107 -0
  59. package/docs/specs/01-spec/06-slice/CLOSURE_BRIEF.md +67 -0
  60. package/docs/specs/01-spec/06-slice/EXECUTION_BRIEF.md +39 -0
  61. package/docs/specs/01-spec/07-slice/07-slice.json +36 -0
  62. package/docs/specs/01-spec/07-slice/07-slice.md +105 -0
  63. package/docs/specs/01-spec/07-slice/CLOSURE_BRIEF.md +71 -0
  64. package/docs/specs/01-spec/07-slice/EXECUTION_BRIEF.md +39 -0
  65. package/docs/specs/01-spec/08-slice/08-slice.json +36 -0
  66. package/docs/specs/01-spec/08-slice/08-slice.md +105 -0
  67. package/docs/specs/01-spec/08-slice/CLOSURE_BRIEF.md +114 -0
  68. package/docs/specs/01-spec/08-slice/EXECUTION_BRIEF.md +39 -0
  69. package/docs/specs/01-spec/CLOSURE_BRIEF.md +87 -0
  70. package/docs/specs/01-spec/spec.md +197 -0
  71. package/docs/workflows/full-ai-spec-to-pr.md +46 -3
  72. package/i18n/es/docs/GITFLOW_PR_GUIDE.md.template +38 -1
  73. package/package.json +27 -1
  74. package/pr.md +154 -0
  75. package/scripts/package-quiver.sh +82 -2
  76. package/scripts/release-quiver.sh +14 -3
  77. package/specs/[project-name]/slices/pr.md.template +19 -0
  78. package/specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json +91 -0
  79. package/specs/quiver-v50-audit-trust-foundation/EVIDENCE_REPORT.md +151 -0
  80. package/specs/quiver-v50-audit-trust-foundation/EXECUTION_PLAN.md +34 -0
  81. package/specs/quiver-v50-audit-trust-foundation/SPEC.md +113 -0
  82. package/specs/quiver-v50-audit-trust-foundation/STATUS.md +26 -0
  83. package/specs/quiver-v50-audit-trust-foundation/pr.md +120 -0
  84. package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/CLOSURE_BRIEF.md +20 -0
  85. package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/EXECUTION_BRIEF.md +58 -0
  86. package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/slice.json +57 -0
  87. package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/CLOSURE_BRIEF.md +24 -0
  88. package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/EXECUTION_BRIEF.md +67 -0
  89. package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/slice.json +71 -0
  90. package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/CLOSURE_BRIEF.md +24 -0
  91. package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/EXECUTION_BRIEF.md +71 -0
  92. package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/slice.json +81 -0
  93. package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/CLOSURE_BRIEF.md +22 -0
  94. package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/EXECUTION_BRIEF.md +57 -0
  95. package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/slice.json +56 -0
  96. package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/CLOSURE_BRIEF.md +23 -0
  97. package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/EXECUTION_BRIEF.md +68 -0
  98. package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/slice.json +84 -0
  99. package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/CLOSURE_BRIEF.md +25 -0
  100. package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/EXECUTION_BRIEF.md +73 -0
  101. package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/slice.json +72 -0
  102. package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/CLOSURE_BRIEF.md +22 -0
  103. package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/EXECUTION_BRIEF.md +66 -0
  104. package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/slice.json +74 -0
  105. package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/CLOSURE_BRIEF.md +29 -0
  106. package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/EXECUTION_BRIEF.md +74 -0
  107. package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/slice.json +81 -0
  108. package/specs/quiver-v51-cli-ergonomics-automation-contracts/EVIDENCE_REPORT.md +145 -0
  109. package/specs/quiver-v51-cli-ergonomics-automation-contracts/EXECUTION_PLAN.md +32 -0
  110. package/specs/quiver-v51-cli-ergonomics-automation-contracts/SPEC.md +109 -0
  111. package/specs/quiver-v51-cli-ergonomics-automation-contracts/STATUS.md +25 -0
  112. package/specs/quiver-v51-cli-ergonomics-automation-contracts/pr.md +69 -0
  113. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/CLOSURE_BRIEF.md +20 -0
  114. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/EXECUTION_BRIEF.md +58 -0
  115. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/slice.json +56 -0
  116. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/CLOSURE_BRIEF.md +21 -0
  117. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/EXECUTION_BRIEF.md +61 -0
  118. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/slice.json +68 -0
  119. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/CLOSURE_BRIEF.md +25 -0
  120. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/EXECUTION_BRIEF.md +65 -0
  121. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/pr.md +134 -0
  122. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/slice.json +80 -0
  123. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/CLOSURE_BRIEF.md +31 -0
  124. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/EXECUTION_BRIEF.md +80 -0
  125. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/pr.md +159 -0
  126. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/slice.json +102 -0
  127. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/CLOSURE_BRIEF.md +25 -0
  128. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/EXECUTION_BRIEF.md +74 -0
  129. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/pr.md +147 -0
  130. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/slice.json +91 -0
  131. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/CLOSURE_BRIEF.md +28 -0
  132. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/EXECUTION_BRIEF.md +73 -0
  133. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/pr.md +146 -0
  134. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/slice.json +100 -0
  135. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/CLOSURE_BRIEF.md +36 -0
  136. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/EXECUTION_BRIEF.md +76 -0
  137. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/pr.md +155 -0
  138. package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/slice.json +111 -0
  139. package/specs/quiver-v52-schema-docs-release-hygiene/EVIDENCE_REPORT.md +95 -0
  140. package/specs/quiver-v52-schema-docs-release-hygiene/EXECUTION_PLAN.md +31 -0
  141. package/specs/quiver-v52-schema-docs-release-hygiene/SPEC.md +107 -0
  142. package/specs/quiver-v52-schema-docs-release-hygiene/STATUS.md +22 -0
  143. package/specs/quiver-v52-schema-docs-release-hygiene/pr.md +69 -0
  144. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/CLOSURE_BRIEF.md +21 -0
  145. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/EXECUTION_BRIEF.md +60 -0
  146. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/slice.json +62 -0
  147. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/CLOSURE_BRIEF.md +34 -0
  148. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/EXECUTION_BRIEF.md +71 -0
  149. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/pr.md +146 -0
  150. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/slice.json +106 -0
  151. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/CLOSURE_BRIEF.md +33 -0
  152. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/EXECUTION_BRIEF.md +67 -0
  153. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/pr.md +144 -0
  154. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/slice.json +86 -0
  155. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/CLOSURE_BRIEF.md +38 -0
  156. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/EXECUTION_BRIEF.md +75 -0
  157. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/pr.md +159 -0
  158. package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/slice.json +105 -0
  159. package/src/create-quiver/commands/changelog.js +93 -0
  160. package/src/create-quiver/commands/config.js +16 -5
  161. package/src/create-quiver/commands/evidence.js +33 -2
  162. package/src/create-quiver/commands/flow.js +1 -0
  163. package/src/create-quiver/commands/graph.js +8 -2
  164. package/src/create-quiver/commands/plan.js +6 -0
  165. package/src/create-quiver/commands/spec.js +28 -13
  166. package/src/create-quiver/index.js +294 -94
  167. package/src/create-quiver/lib/ai/github.js +5 -2
  168. package/src/create-quiver/lib/ai/spec-templates.js +19 -0
  169. package/src/create-quiver/lib/cli/command-registry.js +71 -0
  170. package/src/create-quiver/lib/cli/parser.js +14 -0
  171. package/src/create-quiver/lib/evidence.js +161 -6
  172. package/src/create-quiver/lib/git.js +99 -0
  173. package/src/create-quiver/lib/i18n/messages/en.js +52 -7
  174. package/src/create-quiver/lib/i18n/messages/es.js +54 -9
  175. package/src/create-quiver/lib/init-docs.js +1 -1
  176. package/src/create-quiver/lib/init-layout.js +9 -8
  177. package/src/create-quiver/lib/lifecycle.js +24 -26
  178. package/src/create-quiver/lib/readiness.js +67 -56
  179. package/src/create-quiver/lib/spec-worktrees.js +16 -34
@@ -0,0 +1,197 @@
1
+ # Spec 01 - Recuperacion segura de ramas y extraccion incremental sin regresiones
2
+
3
+ ## 1. Resumen general
4
+
5
+ Esta spec define el proceso para analizar ramas abiertas, recuperar valor tecnico de ramas antiguas o conflictivas y evitar que la integracion rompa el proyecto. La iniciativa no implementa codigo por si misma. Establece criterios, gates y handoffs para que cualquier implementacion futura sea incremental, verificable y reversible.
6
+
7
+ La base operativa segura es `origin/main`, sujeta a verificacion de frescura del snapshot antes de ejecutar acciones finales. La rama local `main` no debe usarse como base mientras continue divergida de `origin/main`.
8
+
9
+ La rama `feature/QUIVER-46-49-cli-modernization` se considera fuente de extraccion parcial, no candidata a merge completo. Cualquier rama con `ahead=0` debe tratarse como sin delta pendiente, pero no como automaticamente eliminable.
10
+
11
+ ## 2. Objetivo
12
+
13
+ Crear un marco de decision y ejecucion para:
14
+
15
+ - Clasificar ramas locales y remotas sin modificar el working tree.
16
+ - Evitar merges grandes, cherry-picks amplios o cambios disruptivos.
17
+ - Preservar toda funcionalidad existente.
18
+ - Documentar cualquier modificacion de comportamiento con matriz antes/despues.
19
+ - Extraer valor de ramas conflictivas en slices pequenos, revisables y testeables.
20
+ - Requerir aprobacion explicita antes de eliminar ramas o implementar codigo.
21
+
22
+ ## 3. Contexto
23
+
24
+ El repositorio tiene multiples ramas locales y remotas abiertas. Varias ramas ya estan incluidas en `origin/main`, otras estan atrasadas, algunas contienen backups, drafts o cambios conflictivos. El analisis inicial identifico que `feature/QUIVER-46-49-cli-modernization` contiene una modernizacion amplia de CLI con conflictos textuales y riesgo semantico.
25
+
26
+ La prioridad es evitar fixes parciales. Antes de modificar parser, comandos, documentacion generada, tests o scripts, debe existir un baseline verificable del comportamiento actual.
27
+
28
+ ## 4. Problema u oportunidad que se aborda
29
+
30
+ El problema es que integrar ramas antiguas o grandes puede:
31
+
32
+ - Reintroducir decisiones obsoletas.
33
+ - Romper comandos existentes sin conflicto textual.
34
+ - Cambiar salidas `--json`, exit codes, aliases, flags o side effects.
35
+ - Generar documentacion inconsistente con la CLI real.
36
+ - Mezclar refactors con bumps de version o cambios de package.
37
+ - Eliminar ramas utiles por interpretar `ahead=0` como eliminable.
38
+
39
+ La oportunidad es convertir el estado de ramas en un backlog controlado, con extraccion selectiva y evidencia por slice.
40
+
41
+ ## 5. Alcance
42
+
43
+ Incluye:
44
+
45
+ - Snapshot verificable de ramas.
46
+ - Clasificacion de ramas con estados diferenciados.
47
+ - Baseline de comportamiento actual.
48
+ - Contrato de no regresion.
49
+ - Matriz de extraccion desde ramas conflictivas.
50
+ - Plan de parser y command registry con compatibilidad completa.
51
+ - Plan de extraccion de comandos y wrappers.
52
+ - Plan de docs, tests y evidencia.
53
+ - Plan de limpieza controlada de ramas con aprobacion explicita.
54
+ - Handoffs por slice: `EXECUTION_BRIEF.md` y `CLOSURE_BRIEF.md`.
55
+
56
+ ## 6. Fuera de alcance
57
+
58
+ No incluye:
59
+
60
+ - Implementar codigo.
61
+ - Hacer merge, rebase, push o cherry-pick.
62
+ - Eliminar ramas.
63
+ - Cambiar `package.json`, `package-lock.json` o version durante los slices de extraccion inicial.
64
+ - Resolver conflictos automaticamente.
65
+ - Ejecutar acciones destructivas.
66
+ - Tomar decisiones remotas finales sin verificar frescura del snapshot.
67
+
68
+ ## 7. Actores involucrados
69
+
70
+ - Tech Lead: define criterios, riesgos y aprobaciones.
71
+ - Implementador futuro: ejecuta slices aprobados.
72
+ - Reviewer: valida no regresion y coherencia de cambios.
73
+ - Maintainer del repo: aprueba limpieza de ramas y cambios de comportamiento.
74
+ - Usuarios de CLI: consumidores directos de comandos, flags, salidas y archivos generados.
75
+ - Automatizaciones/CI: consumidores de exit codes, `--json`, scripts y outputs estables.
76
+
77
+ ## 8. Requerimientos funcionales
78
+
79
+ - FR-01: El proceso debe identificar rama base, SHA base, fecha del snapshot y frescura del dato.
80
+ - FR-02: Cada rama debe clasificarse como `sin delta`, `merge candidata`, `extraccion candidata`, `cerrable`, `eliminable con aprobacion`, `protegida/no tocar`, `historica` o `requiere revision`.
81
+ - FR-03: Toda rama conflictiva debe distinguir conflicto textual, semantico y de contrato.
82
+ - FR-04: Antes de extraer codigo debe existir baseline de comportamiento actual.
83
+ - FR-05: El baseline debe cubrir comandos, aliases, flags, `--help`, `--json`, exit codes, stdout, stderr, archivos generados, scripts, exports internos, templates y docs generadas.
84
+ - FR-06: Ninguna funcionalidad existente puede quitarse sin aprobacion explicita.
85
+ - FR-07: Si una funcionalidad se modifica, debe documentarse que hacia antes, por que cambia, cual es la mejora y como se valida.
86
+ - FR-08: La extraccion desde ramas viejas debe clasificar cada hallazgo como `extraer codigo`, `extraer concepto`, `rehacer` o `descartar`.
87
+ - FR-09: Parser y command registry deben tratarse como cambios transversales de alto riesgo.
88
+ - FR-10: Cualquier limpieza de ramas requiere aprobacion explicita por rama o grupo claramente listado.
89
+
90
+ ## 9. Requerimientos no funcionales
91
+
92
+ - NFR-01: El proceso debe ser auditable y reproducible.
93
+ - NFR-02: Los slices deben ser pequenos, revisables y con gates claros.
94
+ - NFR-03: Los comandos Git sugeridos deben ser read-only salvo aprobacion explicita.
95
+ - NFR-04: La documentacion debe ser apta para humanos y agentes.
96
+ - NFR-05: La implementacion futura debe ser reversible mediante rollback definido por slice.
97
+ - NFR-06: La evidencia debe distinguir validado, no validado y pendiente.
98
+
99
+ ## 10. Reglas de negocio
100
+
101
+ - BR-01: `origin/main` es la unica base recomendada para nuevas ramas, sujeto a snapshot fresco.
102
+ - BR-02: `main` local divergida no es base segura.
103
+ - BR-03: `ahead=0` no autoriza eliminacion.
104
+ - BR-04: `merge-tree` no es suficiente para declarar una rama segura.
105
+ - BR-05: Cambios de parser, package, i18n, docs generadas, CI o tests son riesgo alto aunque no haya conflicto textual.
106
+ - BR-06: No se deben mezclar refactors con bumps de version.
107
+ - BR-07: No se debe hacer cherry-pick completo de commits grandes sin analisis previo.
108
+ - BR-08: Cada cambio de comando requiere matriz antes/despues.
109
+ - BR-09: Cada slice debe poder cerrarse con evidencia o quedar explicitamente bloqueado.
110
+ - BR-10: Implementar codigo requiere pedido explicito posterior.
111
+
112
+ ## 11. Flujo general
113
+
114
+ 1. Tomar snapshot verificable de ramas y base.
115
+ 2. Clasificar ramas con evidencia y riesgo.
116
+ 3. Construir baseline del comportamiento actual.
117
+ 4. Definir contrato de no regresion.
118
+ 5. Evaluar ramas candidatas para extraccion parcial.
119
+ 6. Planificar parser/command registry contra baseline.
120
+ 7. Planificar comandos/wrappers con matriz antes/despues.
121
+ 8. Alinear docs, tests y evidencia.
122
+ 9. Proponer limpieza de ramas sin ejecutarla.
123
+
124
+ ## 12. Entradas y salidas relevantes
125
+
126
+ Entradas:
127
+
128
+ - Refs locales y remotos.
129
+ - `origin/main` y su SHA.
130
+ - Resultado de `git diff`, `git log`, `git cherry`, `git merge-base` y `git merge-tree`.
131
+ - Baseline de comandos CLI.
132
+ - Requerimientos aprobados por el usuario.
133
+
134
+ Salidas:
135
+
136
+ - Inventario de ramas clasificado.
137
+ - Baseline de comportamiento actual.
138
+ - Contrato de no regresion.
139
+ - Matriz de extraccion.
140
+ - Handoffs por slice.
141
+ - Recomendaciones de limpieza pendientes de aprobacion.
142
+
143
+ ## 13. Dependencias
144
+
145
+ - Git disponible localmente.
146
+ - Refs remotos presentes en el repo local.
147
+ - Posible `fetch` futuro si se aprueba verificar frescura remota.
148
+ - Conocimiento de comandos CLI actuales.
149
+ - Tests existentes y documentacion del repo.
150
+
151
+ ## 14. Riesgos, restricciones o consideraciones
152
+
153
+ - Snapshot remoto puede estar desactualizado.
154
+ - Algunas ramas pueden ser historicas o protegidas.
155
+ - Ramas antiguas pueden contener ideas utiles con codigo obsoleto.
156
+ - Parser/registry puede romper toda la CLI.
157
+ - Tests nuevos pueden reemplazar cobertura vieja sin equivalencia.
158
+ - Docs generadas pueden divergir de la CLI real.
159
+ - Cambios de `--json`, exit codes o side effects pueden romper automatizaciones.
160
+
161
+ ## 15. Estrategia de slicing
162
+
163
+ La estrategia prioriza reduccion de riesgo antes de extraccion tecnica. Primero se documenta el estado de ramas, despues se establece el baseline de comportamiento, luego el contrato de no regresion y recien despues se planifican extracciones.
164
+
165
+ Los slices son documentales y preparatorios. No implementan codigo. Cada slice incluye handoffs para ejecucion futura.
166
+
167
+ ## 16. Roadmap de slices
168
+
169
+ | Slice | Nombre | Objetivo |
170
+ |---|---|---|
171
+ | `01-slice` | Snapshot verificable de ramas | Crear inventario confiable y clasificable. |
172
+ | `02-slice` | Baseline de comportamiento actual | Saber que no se puede romper. |
173
+ | `03-slice` | Contrato de no regresion | Convertir compatibilidad en reglas verificables. |
174
+ | `04-slice` | Matriz de extraccion por rama | Decidir que rescatar, rehacer o descartar. |
175
+ | `05-slice` | Parser y command registry | Planificar cambio transversal con gates completos. |
176
+ | `06-slice` | Comandos y wrappers | Planificar extraccion por comando con antes/despues. |
177
+ | `07-slice` | Docs, tests y evidencia | Alinear pruebas y documentacion con comportamiento real. |
178
+ | `08-slice` | Limpieza controlada de ramas | Proponer cierre/eliminacion solo con aprobacion. |
179
+
180
+ ## 17. Supuestos, pendientes y preguntas abiertas
181
+
182
+ Supuestos:
183
+
184
+ - El snapshot actual sirve para planificar, pero acciones finales requieren verificacion de frescura.
185
+ - La prioridad es estabilidad sobre velocidad de integracion.
186
+ - No se implementara codigo hasta una instruccion explicita posterior.
187
+
188
+ Pendientes:
189
+
190
+ - Confirmar si se permitira `fetch` antes de acciones remotas finales.
191
+ - Definir si hay ramas protegidas por politica externa al repo local.
192
+ - Definir comandos criticos de CLI si el baseline no puede cubrir todos en una primera pasada.
193
+
194
+ Preguntas abiertas:
195
+
196
+ - Que ramas deben conservarse como historicas aunque no tengan delta?
197
+ - Que nivel de evidencia se exigira para aprobar cambios en `--json`?
@@ -236,6 +236,7 @@ Qué hace:
236
236
  ## 14. Validar antes del PR
237
237
 
238
238
  ```bash
239
+ npx --yes create-quiver@latest check-pr specs/<spec-slug>/slices/<slice-id>/slice.json
239
240
  npx --yes create-quiver@latest spec validate specs/<spec-slug> --strict
240
241
  npx --yes create-quiver@latest next --all-ready --spec <spec-slug>
241
242
  git diff --check
@@ -243,8 +244,9 @@ git diff --check
243
244
 
244
245
  Qué hace:
245
246
 
247
+ - valida que el slice tenga cuerpo de PR y secciones requeridas;
246
248
  - confirma que el paquete de spec esté completo;
247
- - confirma que no queden slices listos sin ejecutar;
249
+ - confirma el estado de los slices de la spec;
248
250
  - revisa whitespace.
249
251
 
250
252
  También corré validaciones propias del proyecto:
@@ -257,7 +259,26 @@ npm run lint
257
259
 
258
260
  Usá solo los scripts que existan en el proyecto.
259
261
 
260
- ## 15. Previsualizar creación del PR
262
+ ## 15. Preparar el PR
263
+
264
+ Regla de política:
265
+
266
+ - un slice equivale a un PR por defecto;
267
+ - un PR agrupado sólo aplica a 2-3 slices docs-only, research-only o limpieza mecánica de bajo riesgo;
268
+ - no agrupes cambios de comportamiento, UI, backend, refactor, performance, Supabase, Edge Functions, auth, storage, preview, tests o CI que afecten gates.
269
+
270
+ Para PR individual de slice, usá el `pr.md` del slice como cuerpo del PR y mantené evidencia separada:
271
+
272
+ ```bash
273
+ gh pr create \
274
+ --draft \
275
+ --title "<slice title>" \
276
+ --body-file specs/<spec-slug>/slices/<slice-id>/pr.md \
277
+ --base <base-branch> \
278
+ --head <current-branch>
279
+ ```
280
+
281
+ Para PRs agrupados permitidos o PRs documentales que usan el cuerpo generado de spec, primero previsualizá con Quiver:
261
282
 
262
283
  ```bash
263
284
  npx --yes create-quiver@latest ai pr \
@@ -280,6 +301,18 @@ Adaptá `--identity-file` a la ruta real de tu máquina, por ejemplo `~/ssh/gith
280
301
 
281
302
  ## 16. Crear el pull request
282
303
 
304
+ Para PR individual de slice, crealo con `gh` usando el cuerpo del slice:
305
+
306
+ ```bash
307
+ gh pr create \
308
+ --title "<slice title>" \
309
+ --body-file specs/<spec-slug>/slices/<slice-id>/pr.md \
310
+ --base <base-branch> \
311
+ --head <current-branch>
312
+ ```
313
+
314
+ Para PRs agrupados permitidos o documentales que usan `specs/<spec-slug>/pr.md`, podés usar Quiver:
315
+
283
316
  ```bash
284
317
  npx --yes create-quiver@latest ai pr \
285
318
  --create \
@@ -293,10 +326,20 @@ Qué hace:
293
326
 
294
327
  - abre el PR usando `gh`;
295
328
  - usa el cuerpo generado en `pr.md`;
296
- - bloquea la creación si todavía quedan slices abiertos.
329
+ - aplica preflight antes de crear el PR.
330
+
331
+ Merge:
332
+
333
+ - el merge humano es el default;
334
+ - el agente puede crear el PR, corregir CI, monitorear checks y marcarlo como listo;
335
+ - no uses auto-merge asistido salvo autorización explícita para ese PR o para una categoría documentada;
336
+ - el auto-merge asistido sólo aplica a docs-only o chore-only de bajo riesgo, sin runtime, sin configuración productiva, con checks verdes y sin comentarios pendientes;
337
+ - el auto-merge asistido está prohibido para UI, Supabase, Edge Functions, auth, storage, preview, performance, refactors y cambios con rollback dudoso.
297
338
 
298
339
  ## 17. Después del merge
299
340
 
341
+ Usá este cierre sólo después de que el último PR de la spec haya sido mergeado.
342
+
300
343
  ```bash
301
344
  npx --yes create-quiver@latest spec close specs/<spec-slug> --dry-run
302
345
  npx --yes create-quiver@latest spec close specs/<spec-slug>
@@ -1,4 +1,41 @@
1
1
  # Guía de Git y PR
2
2
 
3
- Usá un branch, un worktree y un PR por slice.
3
+ Usá un branch, un worktree y un PR por slice por defecto.
4
4
 
5
+ ## Regla base
6
+
7
+ - Un slice equivale a un commit.
8
+ - Un slice equivale a un PR por defecto.
9
+ - Un spec puede generar múltiples PRs.
10
+ - Los PRs agrupados son excepciones y deben cumplir la política de agrupación.
11
+
12
+ ## PR individual obligatorio
13
+
14
+ Abrí un PR individual para cualquier slice que incluya:
15
+
16
+ - código funcional;
17
+ - UI/UX;
18
+ - Supabase, Edge Functions, auth o storage;
19
+ - preview o comportamiento de deploy;
20
+ - performance o code-splitting;
21
+ - refactors;
22
+ - tests o CI que afecten gates.
23
+
24
+ ## PR agrupado permitido
25
+
26
+ Un PR agrupado está permitido sólo si:
27
+
28
+ - incluye como máximo 2-3 slices;
29
+ - todos los slices son docs-only, research-only o limpieza mecánica de bajo riesgo;
30
+ - no cambia comportamiento;
31
+ - no mezcla docs con UI, backend, refactor o performance;
32
+ - cada slice mantiene evidencia separada;
33
+ - el PR completo puede revertirse sin dejar estado parcial.
34
+
35
+ ## Merge y auto-merge
36
+
37
+ - El merge humano es el default.
38
+ - Los agentes IA pueden crear PRs, corregir CI, monitorear checks y marcar PRs como listos.
39
+ - El auto-merge asistido sólo está permitido con autorización humana explícita para ese PR o para una categoría documentada.
40
+ - El auto-merge asistido sólo aplica a PRs docs-only o chore-only de bajo riesgo, sin runtime, sin configuración productiva, con checks verdes y sin comentarios pendientes.
41
+ - El auto-merge asistido está prohibido para UI, Supabase, Edge Functions, auth, storage, preview, performance, refactors y cambios con rollback dudoso.
package/package.json CHANGED
@@ -1,20 +1,33 @@
1
1
  {
2
2
  "name": "create-quiver",
3
- "version": "0.15.4",
3
+ "version": "0.16.0",
4
4
  "private": false,
5
5
  "description": "Quiver CLI for scaffolding projects from the packaged template",
6
6
  "license": "MIT",
7
+ "engines": {
8
+ "node": ">=20.12.0"
9
+ },
7
10
  "bin": {
8
11
  "create-quiver": "bin/create-quiver.js",
9
12
  "quiver": "bin/create-quiver.js"
10
13
  },
11
14
  "scripts": {
15
+ "test": "node scripts/ci/run-node-tests.js",
16
+ "test:ci": "node scripts/ci/run-node-tests.js",
17
+ "docs:lint": "node scripts/ci/check-docs-markdown.js",
18
+ "docs:links": "node scripts/ci/check-doc-links.js",
19
+ "docs:commands:write": "node scripts/ci/check-command-reference.js --write",
20
+ "docs:commands:check": "node scripts/ci/check-command-reference.js --check",
21
+ "docs:check": "npm run docs:lint && npm run docs:links && npm run docs:commands:check",
22
+ "changelog:check": "node scripts/ci/check-changelog.js",
23
+ "schema:slice:check": "node scripts/ci/check-slice-schema.js",
12
24
  "check:slice": "bash tools/scripts/check-slice-readiness.sh",
13
25
  "check:pr": "bash tools/scripts/check-pr-readiness.sh",
14
26
  "start:slice": "bash tools/scripts/start-slice.sh",
15
27
  "cleanup:slice": "bash tools/scripts/cleanup-slice.sh",
16
28
  "migrate": "bash tools/scripts/migrate-project.sh",
17
29
  "quiver:version": "npx create-quiver version",
30
+ "quiver:migrate": "node bin/create-quiver.js migrate",
18
31
  "quiver:analyze": "npx create-quiver analyze",
19
32
  "quiver:flow": "npx create-quiver flow",
20
33
  "quiver:dashboard": "npx create-quiver dashboard",
@@ -45,6 +58,14 @@
45
58
  "quiver:spec:status": "npx create-quiver spec status",
46
59
  "quiver:spec:validate": "npx create-quiver spec validate",
47
60
  "quiver:spec:close": "npx create-quiver spec close",
61
+ "quiver:start-slice": "node bin/create-quiver.js slice start",
62
+ "quiver:check-slice": "node bin/create-quiver.js slice check",
63
+ "quiver:check-pr": "node bin/create-quiver.js slice pr",
64
+ "quiver:check-scope": "node bin/create-quiver.js slice scope",
65
+ "quiver:cleanup-slice": "node bin/create-quiver.js slice cleanup",
66
+ "quiver:refresh-active-slices": "node bin/create-quiver.js slice refresh-active",
67
+ "quiver:check-handoff": "node bin/create-quiver.js handoff check",
68
+ "quiver:new-handoff": "node bin/create-quiver.js handoff new",
48
69
  "package:quiver": "bash scripts/package-quiver.sh",
49
70
  "smoke:create-quiver": "bash scripts/ci/smoke-create-quiver.sh",
50
71
  "smoke:doctor-fixtures": "node scripts/ci/smoke-doctor-fixtures.js",
@@ -55,5 +76,10 @@
55
76
  "dependencies": {
56
77
  "@clack/prompts": "^1.4.0",
57
78
  "zod": "^4.4.3"
79
+ },
80
+ "devDependencies": {
81
+ "ajv": "^8.18.0",
82
+ "markdown-link-check": "^3.14.2",
83
+ "markdownlint-cli2": "^0.22.1"
58
84
  }
59
85
  }
package/pr.md ADDED
@@ -0,0 +1,154 @@
1
+ ## Title
2
+
3
+ chore(release): 0.16.0
4
+
5
+ ## Summary
6
+
7
+ Prepares `create-quiver` `0.16.0` for publication. This release bumps package metadata from `0.15.3` to `0.16.0` and updates the changelog with the newly integrated read-only `changelog` command, parser/registry extraction, Spec 01 closure package, and release-readiness command-role audit.
8
+
9
+ ## PR Policy
10
+
11
+ - One release = one commit.
12
+ - Base branch: `main`.
13
+ - Branch: `release/create-quiver-0.16.0`.
14
+ - Human merge required.
15
+ - This PR does not publish to npm.
16
+ - Publishing remains explicitly guarded by `QUIVER_ALLOW_NPM_PUBLISH=1` and npm auth.
17
+
18
+ ## Scope
19
+
20
+ Includes:
21
+
22
+ - Bump `package.json` to `0.16.0`.
23
+ - Bump `package-lock.json` root/package versions to `0.16.0`.
24
+ - Update `CHANGELOG.md` with release notes for the command wrapper, parser/registry extraction, evidence gates, and Spec 01 closure.
25
+ - Validate the CLI command surface and release gates before opening the PR.
26
+
27
+ Excludes:
28
+
29
+ - No `npm publish`.
30
+ - No npm tag creation.
31
+ - No Git tag creation.
32
+ - No branch cleanup.
33
+ - No runtime code changes beyond already-merged slices.
34
+
35
+ ## Files
36
+
37
+ - `package.json`
38
+ - `package-lock.json`
39
+ - `CHANGELOG.md`
40
+
41
+ ## How to Test (DETAILED - REQUIRED)
42
+
43
+ ### Required Environment
44
+
45
+ - Node.js and npm installed.
46
+ - Dependencies installed with `npm ci` or existing `node_modules` available.
47
+ - Git checkout of this PR branch.
48
+ - npm publish credentials are not required for PR validation.
49
+
50
+ ### Worktree Access
51
+
52
+ 1. Checkout `release/create-quiver-0.16.0`.
53
+ 2. Confirm the package version is `0.16.0`:
54
+
55
+ ```bash
56
+ node -e "const p=require('./package.json'); const l=require('./package-lock.json'); console.log(p.version, l.version, l.packages[''].version)"
57
+ ```
58
+
59
+ 3. Confirm only release metadata files changed:
60
+
61
+ ```bash
62
+ git diff --stat origin/main...HEAD
63
+ ```
64
+
65
+ ### Run the Project
66
+
67
+ No server is required. This is a CLI package release PR.
68
+
69
+ ### Use Cases
70
+
71
+ 1. Confirm release version metadata.
72
+
73
+ Expected:
74
+
75
+ - `package.json` reports `0.16.0`.
76
+ - `package-lock.json` reports `0.16.0` at root and package entry.
77
+
78
+ 2. Confirm changelog explains why the release exists.
79
+
80
+ Expected:
81
+
82
+ - `CHANGELOG.md` includes `changelog` command notes.
83
+ - `CHANGELOG.md` includes parser/registry extraction and release-readiness evidence notes.
84
+
85
+ 3. Confirm the new command role.
86
+
87
+ Expected:
88
+
89
+ - `changelog` is read-only.
90
+ - Human output explains packaged release notes.
91
+ - JSON output is parseable for automation.
92
+
93
+ 4. Confirm public command roles are understood before publish.
94
+
95
+ Expected:
96
+
97
+ - Help/version/changelog/config are direct inspection commands.
98
+ - Init/analyze/migrate/demo/evidence write only in explicit or fixture-safe modes.
99
+ - Flow/dashboard/plan/graph/next/spec/slice/handoff commands describe workflow state and validation.
100
+ - AI commands are lifecycle, planning, provider-profile, execution, inspection, and PR-preflight surfaces.
101
+ - Commands with missing prerequisites fail with actionable, controlled errors instead of crashes.
102
+
103
+ ### Technical Verification
104
+
105
+ Run:
106
+
107
+ ```bash
108
+ npm run changelog:check
109
+ npm run docs:check
110
+ npm run schema:slice:check
111
+ npm test
112
+ ```
113
+
114
+ Optional release dry-run from a clean worktree:
115
+
116
+ ```bash
117
+ npm ci
118
+ bash scripts/release-quiver.sh patch
119
+ ```
120
+
121
+ Expected:
122
+
123
+ - Changelog validation passes.
124
+ - Docs lint/link/generated command reference checks pass.
125
+ - Slice schema validation passes.
126
+ - Full test suite passes.
127
+ - Release dry-run passes through changelog/docs/schema, installer smoke, package artifact, and installed CLI smoke.
128
+
129
+ ## Evidence
130
+
131
+ Validated locally before PR:
132
+
133
+ - `npm run changelog:check`: OK, `Unreleased entries: 26`.
134
+ - `npm run docs:check`: OK.
135
+ - `npm run schema:slice:check`: OK.
136
+ - `npm test`: OK, `655/655` pass.
137
+ - Manual command-role audit: OK after correcting fixtures/preconditions.
138
+ - `changelog` human output: OK.
139
+ - `changelog --json`: OK, parseable JSON.
140
+ - `status --json`: controlled unsupported top-level command, as intended.
141
+ - Release dry-run in clean temporary worktree with `npm ci`: OK.
142
+ - Package smoke: OK, `create-quiver-0.16.0.tgz` installed CLI smoke passed.
143
+
144
+ ## Rollback
145
+
146
+ Revert the single release commit before merge. If already merged but not published, revert the release commit on `main`. If already published, do not unpublish by default; publish a corrective patch release instead.
147
+
148
+ ## Risks / Notes
149
+
150
+ - npm `latest` is currently `0.15.4`; this PR intentionally prepares `0.16.0` because the public CLI surface changed with `changelog`.
151
+ - Local `npm whoami` previously returned `401 Unauthorized`; publishing requires npm login before the final publish step.
152
+ - `QUIVER_ALLOW_NPM_PUBLISH=1` must be explicitly set for guarded publish flows.
153
+ - The release script does not publish in this PR.
154
+ - Local `pr.md` is not part of the PR commit.
@@ -6,6 +6,9 @@ repo_root="$(git rev-parse --show-toplevel)"
6
6
  temp_root="$(mktemp -d "${TMPDIR:-/tmp}/quiver-pack.XXXXXX")"
7
7
  pack_dir="$temp_root/pack"
8
8
  npm_cache="$temp_root/npm-cache"
9
+ install_root="$temp_root/install-root"
10
+ dry_run_target="$temp_root/dry-run-project"
11
+ cli_version="$(node -p 'require(process.argv[1]).version' "$repo_root/package.json")"
9
12
 
10
13
  cleanup() {
11
14
  rm -rf "$temp_root"
@@ -15,13 +18,14 @@ trap cleanup EXIT
15
18
 
16
19
  mkdir -p "$pack_dir"
17
20
  mkdir -p "$npm_cache"
21
+ mkdir -p "$install_root"
18
22
 
19
23
  pack_json="$(
20
24
  cd "$repo_root" && npm_config_cache="$npm_cache" npm pack --json --pack-destination "$pack_dir"
21
25
  )"
22
26
 
23
27
  tarball_name="$(
24
- node -e 'const data = JSON.parse(process.argv[1]); process.stdout.write(data[0].filename);' "$pack_json"
28
+ printf '%s\n' "$pack_json" | node -e 'const fs = require("node:fs"); const data = JSON.parse(fs.readFileSync(0, "utf8")); process.stdout.write(data[0].filename);'
25
29
  )"
26
30
  tarball_path="$pack_dir/$tarball_name"
27
31
 
@@ -68,6 +72,41 @@ require_absent() {
68
72
  fi
69
73
  }
70
74
 
75
+ reject_forbidden_content_patterns() {
76
+ local path
77
+
78
+ while IFS= read -r path; do
79
+ case "$path" in
80
+ package/package-lock.json|\
81
+ package/CLI_ANALYSIS.md|\
82
+ package/REQUERIMIENTOS_DERIVADOS_DE_AUDITORIA.md|\
83
+ package/Documentation_Report.pdf|\
84
+ package/WORKTREE_CONTEXT.md|\
85
+ package/.DS_Store|\
86
+ package/*/.DS_Store|\
87
+ package/*.pdf|\
88
+ package/.env|\
89
+ package/.env.*|\
90
+ package/.npmrc|\
91
+ package/.npm/*|\
92
+ package/.ssh/*|\
93
+ package/ssh/*|\
94
+ package/*.pem|\
95
+ package/*.key|\
96
+ package/.claude/*|\
97
+ package/.codex/*|\
98
+ package/.quiver/*|\
99
+ package/.worktrees/*|\
100
+ package/tests/*|\
101
+ package/examples/*|\
102
+ package/scripts/ci/*)
103
+ echo "FAIL: el paquete incluye contenido fuera del contrato: $path" >&2
104
+ exit 1
105
+ ;;
106
+ esac
107
+ done <<<"$contents"
108
+ }
109
+
71
110
  required_paths=(
72
111
  "package/package.json"
73
112
  "package/bin/create-quiver.js"
@@ -93,6 +132,9 @@ required_paths=(
93
132
  "package/.github/ISSUE_TEMPLATE/feature_request.md"
94
133
  "package/.github/workflows/ci.yml"
95
134
  "package/docs/INDEX.md.template"
135
+ "package/docs/reference/commands.md"
136
+ "package/docs/schema/slice.schema.json"
137
+ "package/docs/reference/slice-schema.md"
96
138
  "package/docs/DOCUMENTATION_GUIDE.md.template"
97
139
  "package/docs/WORKFLOW.md.template"
98
140
  "package/docs/SUPPORT_MATRIX.md.template"
@@ -127,8 +169,16 @@ done
127
169
 
128
170
  excluded_paths=(
129
171
  "package/package-lock.json"
172
+ "package/CLI_ANALYSIS.md"
173
+ "package/REQUERIMIENTOS_DERIVADOS_DE_AUDITORIA.md"
174
+ "package/Documentation_Report.pdf"
175
+ "package/.DS_Store"
176
+ "package/WORKTREE_CONTEXT.md"
130
177
  "package/tests/"
131
178
  "package/examples/"
179
+ "package/.claude/"
180
+ "package/.codex/"
181
+ "package/.quiver/"
132
182
  "package/.worktrees/"
133
183
  "package/specs/quiver-v01/"
134
184
  "package/specs/quiver-v02-bootstrap-hardening/"
@@ -144,4 +194,34 @@ for path in "${excluded_paths[@]}"; do
144
194
  fi
145
195
  done
146
196
 
147
- printf 'Package smoke passed: %s\n' "$tarball_name"
197
+ reject_forbidden_content_patterns
198
+
199
+ npm_config_cache="$npm_cache" npm install --prefix "$install_root" "$tarball_path" --ignore-scripts --no-audit --no-fund >/dev/null
200
+ installed_cli="$install_root/node_modules/create-quiver/bin/create-quiver.js"
201
+
202
+ if [[ ! -f "$installed_cli" ]]; then
203
+ echo "FAIL: no se encontró el CLI instalado en $installed_cli" >&2
204
+ exit 1
205
+ fi
206
+
207
+ installed_semver="$(node "$installed_cli" --version)"
208
+ if [[ "$installed_semver" != "$cli_version" ]]; then
209
+ echo "FAIL: el CLI instalado devolvió versión '$installed_semver', esperada '$cli_version'" >&2
210
+ exit 1
211
+ fi
212
+
213
+ installed_help="$(node "$installed_cli" --help)"
214
+ if [[ "$installed_help" != *"version [--json]"* ]] \
215
+ || [[ "$installed_help" != *"spec create"* ]] \
216
+ || [[ "$installed_help" != *"slice start|check|pr|scope|cleanup|refresh-active"* ]]; then
217
+ echo "FAIL: la ayuda del CLI instalado no expone comandos públicos esperados" >&2
218
+ exit 1
219
+ fi
220
+
221
+ node "$installed_cli" init --dry-run --name "Package Smoke" --dir "$dry_run_target" --skip-install >/dev/null
222
+ if [[ -e "$dry_run_target" ]]; then
223
+ echo "FAIL: init --dry-run del CLI instalado escribió en $dry_run_target" >&2
224
+ exit 1
225
+ fi
226
+
227
+ printf 'Package smoke passed: %s (installed CLI smoke passed)\n' "$tarball_name"